In this section, we’ll explain what XML external entity injection is, describe some common examples, explain how to find and exploit various...
Kali Linux is a Debian-based distribution for digital forensics and penetration testing, developed and maintained by Offensive Security. Mati Aharoni and Devon...
We are incredibly excited to announce our fourth and final release of 2019, Kali Linux 2019.4. 2019.4 includes some exciting new updates:...
Malicious Macro MSBuild Generator Generates Malicious Macro and Execute Powershell or Shellcode via MSBuild Application Whitelisting Bypass, this tool intended for adversary...
Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations. UsageUsing Corsy is pretty simplepython corsy.py -u https://example.comA...
OWASP Juice Shop OWASP Juice Shop is an intentionally insecure web app for security training written entirely in Javascript which encompasses the...
Flan Scan is a lightweight network vulnerability scanner. With Flan Scan you can easily find open ports on your network, identify services...
grafana Grafana allows you to query, visualize, alert on and understand your metrics no matter where they are stored. Create, explore, and...
AntiSpy is a free but powerful anti virus and rootkits toolkit.It offers you the ability with the highest privileges that can detect,analyze...
Corsy Corsy is a lightweight program that scans for all known misconfigurations in CORS implementations. Tests implemented Pre-domain bypass Post-domain bypass Backtick...
RE:TERNAL is a centralised purple team simulation platform. Reternal uses agents installed on a simulation network to execute various known red-teaming techniques...
Flan Scan is a lightweight network vulnerability scanner. With Flan Scan you can easily find open ports on your network, identify services...
Inspired by https://github.com/jmagnusson/bgtunnel, which doesn’t work on Windows.See also: https://github.com/paramiko/paramiko/blob/master/demos/forward.py Requirements paramiko Installationsshtunnel is on PyPI, so simply run: pip install sshtunnel...
sn0int sn0int is an OSINT framework and package manager. It was built for IT security professionals and bug hunters to gather intelligence...
Glances is a cross-platform monitoring tool which aims to present a large amount of monitoring information through a curses or Web based...
FDsploit FDsploit is a File inclusion & Directory Traversal fuzzer, enumeration & exploitation tool. Features The LFI-shell interface provides only the output...
The purpose of this tool is to help penetration testers identify potentially valuable targets on the internal network environment. By aggregating netstat...
Mondoo Mondoo is a natural language query system for scanning, deploying and remediating your cloud-native applications. Feature Insights into your fleet Ask...
RdpThief by itself is a standalone DLL that when injected in the mstsc.exe process, will perform API hooking, extract the clear-text credentials...
Simulator A distributed systems and infrastructure simulator for attacking and debugging Kubernetes: simulator creates a Kubernetes cluster for you in your AWS account;...
DNCI allows the injection of .Net code (.exe or .dll) remotely in unmanaged processes in windows. 1. Project StructureThe project is structured...